SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Take the 7th Annual Log Management Survey and be entered to win a $250 American Express Gift card. This comprehensive survey has become a leading indicator of how well log management and automation helps organizations with their security and compliance needs. To take our survey, follow this link: http://www.sans.org/info/68369

The results will be released in early May during a short series of live webcasts with Jerry Shenk and Dave Shackleford.

The Department of Veterans Affairs (VA) has shut down an unauthorized Yahoo website cloud application that was being used by VA doctors to store sensitive medical information. Late last month, VA information security authorities became aware of a shared calendar on a Yahoo cloud application that had a single password for multiple users. The password had never been changed in the three years that the calendar was in use. The information stored in the calendar included names, types of surgery performed and the last four digits of SSNs. The calendar was ordered to be shut down on November 24 and all the information was deleted. Nearly 900 patients will be notified that their information was stored on the site, which did not have adequate security controls in place. The incident is being called a mishandling of electronic information.
-http://fcw.com/articles/2010/12/23/va-calendar-cloud-breach.aspx?admgarea=TC_SECCYBERSEC
-http://www.informationweek.com/news/government/cloud-saas/showArticle.jhtml?articleID=228900122&cid=RSSfeed_IWK_All

[Editor's Note (Schultz): The incident may be termed "a mishandling of electronic information," but I fear it may in reality be the result of "cloud security per the usual." (Honan): This is a good example of why education and awareness are key elements in an effective infosec program. Many cloud solutions need no intervention from IT to set up. Some services are free while others simply require the client to know how to enter their credit card details into a web page. It is important therefore to ensure your users are aware of the risks involved in using these services and that they consult you before committing sensitive data to them. ]

Wireless phone companies are taking steps to improve the security of the ubiquitous devices. Carriers are making efforts to help prevent attacks and data theft, while hardware manufacturers are improving their products as well. AT&T has hired 13 PhDs to open a new mobile phone security lab in New York City. Carriers are also working with startup companies that are focused solely on mobile device security. Research in Motion (RIM) plans to improve the way BlackBerry users back up their data and remotely locate, lock or wipe the devices.
-http://online.wsj.com/article/SB10001424052748704774604576035960449272404.html

[Editor's Comment (Northcutt): This story was found by my colleague David Hoelzer, who noted that an emphasis on secure development will do more good than hiring PhDs to retrofit security. I would agree, but my biggest smartphone concern is the apps that phone home with information about the phone's owner.]

Apple Pulls WikiLeaks App from iTunes Stores (December 21 & 22, 2010)

Citing violations of developer guidelines, Apple has removed a WikiLeaks iPhone and iPad application from the iTunes store. The app allowed users to access WikiLeaks' Twitter feed and documents on the organization's website. It had been downloaded more than 4,000 times before Apple removed it from the store. Apps sold in the iTunes store "must comply with local laws and may not put an individual or targeted group in harm's way," according to a company spokesperson. The app was unofficial, meaning it was not released or endorsed by WikiLeaks, but the developer said that US $1, or half of the sale proceeds, was being donated to WikiLeaks for each download.
-http://www.bbc.co.uk/news/technology-12059577
-http://www.wired.com/threatlevel/2010/12/wikileaks-app/#more-22073

[Editor's Comment (Northcutt): In principle, continuous monitoring is a great idea. I have only made one quick pass through the document; it looks like they have changed some of the titles and descriptions and invented some new acronyms. If you are government or a government contractor, I encourage you to download the document, read it and give them feedback!]

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu/.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/